{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-46738", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-10-25T14:30:33.752Z", "datePublished": "2024-01-03T15:35:16.372Z", "dateUpdated": "2024-01-03T15:35:16.372Z"}, "containers": {"cna": {"title": "Authenticated users can crash the CubeFS servers with maliciously crafted requests", "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "lang": "en", "description": "CWE-770: Allocation of Resources Without Limits or Throttling", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx"}, {"name": "https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1", "tags": ["x_refsource_MISC"], "url": "https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1"}], "affected": [{"vendor": "cubefs", "product": "cubefs", "versions": [{"version": "< 3.3.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-01-03T15:35:16.372Z"}, "descriptions": [{"lang": "en", "value": "CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the ammount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory that the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment - otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading."}], "source": {"advisory": "GHSA-qc6v-g3xw-grmx", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:cubefs:*:*:*:*:*:*:*:*", "matchCriteriaId": "6E8D59D8-6863-4398-9D77-2442BAF81108", "versionEndExcluding": "3.3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the ammount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory that the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment - otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading."}, {"lang": "es", "value": "CubeFS es un sistema de almacenamiento de archivos nativo de la nube de c\u00f3digo abierto. Se encontr\u00f3 una vulnerabilidad de seguridad en CubeFS HandlerNode en versiones anteriores a la 3.3.1 que podr\u00eda permitir a los usuarios autenticados enviar solicitudes manipuladas con fines malintencionados que bloquear\u00edan el ObjectNode y negar\u00edan a otros usuarios su uso. La causa principal fue el manejo inadecuado de las solicitudes HTTP entrantes que podr\u00edan permitir a un atacante controlar la cantidad de memoria que asignar\u00eda el ObjectNode. Una solicitud maliciosa podr\u00eda hacer que el ObjectNode asigne m\u00e1s memoria de la que la m\u00e1quina ten\u00eda disponible, y el atacante podr\u00eda agotar la memoria mediante una \u00fanica solicitud maliciosa. Un atacante necesitar\u00eda estar autenticado para poder invocar el c\u00f3digo vulnerable con su solicitud maliciosa y tener permisos para eliminar objetos. Adem\u00e1s, el atacante necesitar\u00eda conocer los nombres de los dep\u00f3sitos existentes de la implementaci\u00f3n de CubeFS; de lo contrario, la solicitud ser\u00eda rechazada antes de llegar al c\u00f3digo vulnerable. Como tal, el atacante m\u00e1s probable es un usuario interno o un atacante que ha violado la cuenta de un usuario existente en el cl\u00faster. El problema se solucion\u00f3 en la versi\u00f3n 3.3.1. No existe otra mitigaci\u00f3n adem\u00e1s de la actualizaci\u00f3n."}], "id": "CVE-2023-46738", "lastModified": "2024-01-10T16:59:52.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-01-03T16:15:08.470", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}